A CCESS G ATEWAY92 System Administration HASH-CRC32 HMAC-MD5Not all parameters that are part of the URL redirection string need to be included in thesignature calculation. The following parameters are considered sensitive and can be selected: UI (the ID of the NSE) MA (the subscriber’s MAC address) RN (the Room Number) PORT (the port number the subscriber is connected to) SIP (the subscriber IP address, removed in NSE releases 8.2 and later)The desired secret key simply needs to be entered in the field. Once entered, it is not visible tothe user.Information that indicates which parameters were signed, along with the resultant hash value,are then included in some additional parameters that are appended to the redirection string.In order to utilize the parameter signing feature, the EWS or Portal Page Server used must beconfigured to correctly parse and verify the signing information. Documentation that includesguidelines for configuring a server to support signing can be obtained by contacting NomadixTechnical Support.Establishing Secure Administration {Access Control}The Access Gateway allows you to block administrator access to interfaces (Telnet, WMI andFTP, SSH and SFTP) and incorporates a master access control list that checks the source (IPaddress) of administrator logins. A login is permitted only to the interfaces that have not beenblocked, and only if a match is made with the master “Source IP” list contained on the AccessGateway. If a match is not made with the “Source IP list,” the login is denied, even if a correctlogin name and password are supplied. The access control list for source IPs supports up to 50(fifty) entries in the form of a specific IP address or range of IP addresses.This procedure allows you to enable the “Access Control” feature and block administratoraccess to specific interfaces, and add or remove administrator “Source IP” addresses.The NSE supports secure https connections to the Web Management Interface (WMI). Correctcertificates must be installed on the NSE flash memory for these connections to functionproperly. The same certificate set that is used to support SSL connections for subscribers isused for this purpose. For documentation about configuring the system to support secureconnections, contact technical support. See Technical Support.In addition, corresponding options to block https connections (independent of http) areincluded in the NSE's Access Control functionality, for both the network and subscriber sides.
